octocode-pull-request-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests remote, user-generated GitHub content (PR diffs, PR comments, and repository guideline files like .octocode/pr-guidelines.md) via github* tools (see Phase 1 "Check for existing context files" and Phase 2 "Fetch PR metadata" / "Fetch existing PR comments") and then uses those files as required review guidelines and to drive analysis, which allows untrusted third-party content to influence the agent's decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly accepts and uses PR URLs (e.g., https://github.com/{owner}/{repo}/pull/{number}) at runtime and calls github* tools (githubSearchPullRequests/githubGetFileContent) to fetch remote repo file content which is injected into the agent context and thus directly controls prompts/analysis.